From b4743f9efb685545cdd780cc9ba7a50e083dd8cf Mon Sep 17 00:00:00 2001 From: Simponic Date: Mon, 19 Dec 2022 02:39:40 -0700 Subject: Get public key authenticator actually running, add password validator via hash --- config/config.exs | 12 +++++-- config/dev.exs | 8 ----- lib/auth/keys.ex | 8 ----- lib/auth/password.ex | 7 ---- lib/chessh.ex | 2 -- lib/chessh/auth/keys.ex | 10 ++++++ lib/chessh/auth/password.ex | 12 +++++++ lib/chessh/schema/player.ex | 81 +++++++++++++++++++++++++++++++++++++++++++++ lib/chessh/schema/repo.ex | 5 +++ lib/schema/player.ex | 81 --------------------------------------------- lib/schema/repo.ex | 5 --- mix.exs | 1 + test/chessh_test.exs | 4 +++ test/server_test.exs | 8 ----- 14 files changed, 123 insertions(+), 121 deletions(-) delete mode 100644 lib/auth/keys.ex delete mode 100644 lib/auth/password.ex create mode 100644 lib/chessh/auth/keys.ex create mode 100644 lib/chessh/auth/password.ex create mode 100644 lib/chessh/schema/player.ex create mode 100644 lib/chessh/schema/repo.ex delete mode 100644 lib/schema/player.ex delete mode 100644 lib/schema/repo.ex create mode 100644 test/chessh_test.exs delete mode 100644 test/server_test.exs diff --git a/config/config.exs b/config/config.exs index 807824a..61bf72f 100644 --- a/config/config.exs +++ b/config/config.exs @@ -1,11 +1,19 @@ import Config +config :chessh, Chessh.Repo, + database: "chessh", + username: "postgres", + password: "postgres", + hostname: "localhost" + +config :chessh, ecto_repos: [Chessh.Repo] + config :esshd, enabled: true, priv_dir: Path.join(Path.dirname(__DIR__), "priv/keys"), handler: {Chessh.Shell, :on_shell, 4}, port: 42069, - public_key_authenticator: Chessh.Auth.KeyAuthenticator, - password_authenticator: Chessh.Auth.PasswordAuthenticator + password_authenticator: Chessh.Auth.PasswordAuthenticator, + public_key_authenticator: Chessh.Auth.KeyAuthenticator import_config "#{config_env()}.exs" diff --git a/config/dev.exs b/config/dev.exs index f71d02e..becde76 100644 --- a/config/dev.exs +++ b/config/dev.exs @@ -1,9 +1 @@ import Config - -config :chessh, Chessh.Repo, - database: "chessh", - username: "postgres", - password: "postgres", - hostname: "localhost" - -config :chessh, ecto_repos: [Chessh.Repo] diff --git a/lib/auth/keys.ex b/lib/auth/keys.ex deleted file mode 100644 index 3e0f142..0000000 --- a/lib/auth/keys.ex +++ /dev/null @@ -1,8 +0,0 @@ -defmodule Chessh.Auth.KeyAuthenticator do - use Sshd.PublicKeyAuthenticator - require Logger - - def authenticate(_, _, _) do - false - end -end diff --git a/lib/auth/password.ex b/lib/auth/password.ex deleted file mode 100644 index 5e31b33..0000000 --- a/lib/auth/password.ex +++ /dev/null @@ -1,7 +0,0 @@ -defmodule Chessh.Auth.PasswordAuthenticator do - use Sshd.PasswordAuthenticator - - def authenticate(_username, _password) do - true - end -end diff --git a/lib/chessh.ex b/lib/chessh.ex index 42bb21f..82d0cfc 100644 --- a/lib/chessh.ex +++ b/lib/chessh.ex @@ -1,6 +1,4 @@ defmodule Chessh do - require Logger - def hello() do :world end diff --git a/lib/chessh/auth/keys.ex b/lib/chessh/auth/keys.ex new file mode 100644 index 0000000..d85f4a4 --- /dev/null +++ b/lib/chessh/auth/keys.ex @@ -0,0 +1,10 @@ +defmodule Chessh.Auth.KeyAuthenticator do + use Sshd.PublicKeyAuthenticator + require Logger + + def authenticate(username, public_key, _opts) do + Logger.debug("#{inspect(username)}") + Logger.debug("#{inspect(public_key)}") + true + end +end diff --git a/lib/chessh/auth/password.ex b/lib/chessh/auth/password.ex new file mode 100644 index 0000000..a6fa73d --- /dev/null +++ b/lib/chessh/auth/password.ex @@ -0,0 +1,12 @@ +defmodule Chessh.Auth.PasswordAuthenticator do + alias Chessh.Player + alias Chessh.Repo + use Sshd.PasswordAuthenticator + + def authenticate(username, password) do + case Repo.get_by(Player, username: String.Chars.to_string(username)) do + nil -> false + x -> Player.valid_password?(x, password) + end + end +end diff --git a/lib/chessh/schema/player.ex b/lib/chessh/schema/player.ex new file mode 100644 index 0000000..7d9bb6e --- /dev/null +++ b/lib/chessh/schema/player.ex @@ -0,0 +1,81 @@ +defmodule Chessh.Player do + use Ecto.Schema + import Ecto.Changeset + + @derive {Inspect, except: [:password]} + schema "players" do + field(:username, :string) + + field(:password, :string, virtual: true) + field(:hashed_password, :string) + + timestamps() + end + + def registration_changeset(user, attrs, opts \\ []) do + user + |> cast(attrs, [:username, :password]) + |> validate_username() + |> validate_password(opts) + end + + def password_changeset(user, attrs, opts \\ []) do + user + |> cast(attrs, [:password]) + |> validate_confirmation(:password, message: "does not match password") + |> validate_password(opts) + end + + def valid_password?(%Chessh.Player{hashed_password: hashed_password}, password) + when is_binary(hashed_password) and byte_size(password) > 0 do + Bcrypt.verify_pass(password, hashed_password) + end + + def valid_password?(_, _) do + Bcrypt.no_user_verify() + false + end + + def validate_current_password(changeset, password) do + if valid_password?(changeset.data, password) do + changeset + else + add_error(changeset, :current_password, "is not valid") + end + end + + defp validate_username(changeset) do + changeset + |> validate_required([:username]) + |> validate_length(:username, min: 2, max: 12) + |> validate_format(:username, ~r/^[a-zA-Z0-9_\-]*$/, + message: "only letters, numbers, underscores, and hyphens allowed" + ) + |> unique_constraint(:username) + |> lowercase(:username) + end + + defp validate_password(changeset, opts) do + changeset + |> validate_required([:password]) + |> validate_length(:password, min: 8, max: 80) + |> maybe_hash_password(opts) + end + + defp maybe_hash_password(changeset, opts) do + hash_password? = Keyword.get(opts, :hash_password, true) + password = get_change(changeset, :password) + + if hash_password? && password && changeset.valid? do + changeset + |> put_change(:hashed_password, Bcrypt.hash_pwd_salt(password)) + |> delete_change(:password) + else + changeset + end + end + + defp lowercase(changeset, field) do + Map.update!(changeset, field, &String.downcase/1) + end +end diff --git a/lib/chessh/schema/repo.ex b/lib/chessh/schema/repo.ex new file mode 100644 index 0000000..27d81b9 --- /dev/null +++ b/lib/chessh/schema/repo.ex @@ -0,0 +1,5 @@ +defmodule Chessh.Repo do + use Ecto.Repo, + otp_app: :chessh, + adapter: Ecto.Adapters.Postgres +end diff --git a/lib/schema/player.ex b/lib/schema/player.ex deleted file mode 100644 index 7d9bb6e..0000000 --- a/lib/schema/player.ex +++ /dev/null @@ -1,81 +0,0 @@ -defmodule Chessh.Player do - use Ecto.Schema - import Ecto.Changeset - - @derive {Inspect, except: [:password]} - schema "players" do - field(:username, :string) - - field(:password, :string, virtual: true) - field(:hashed_password, :string) - - timestamps() - end - - def registration_changeset(user, attrs, opts \\ []) do - user - |> cast(attrs, [:username, :password]) - |> validate_username() - |> validate_password(opts) - end - - def password_changeset(user, attrs, opts \\ []) do - user - |> cast(attrs, [:password]) - |> validate_confirmation(:password, message: "does not match password") - |> validate_password(opts) - end - - def valid_password?(%Chessh.Player{hashed_password: hashed_password}, password) - when is_binary(hashed_password) and byte_size(password) > 0 do - Bcrypt.verify_pass(password, hashed_password) - end - - def valid_password?(_, _) do - Bcrypt.no_user_verify() - false - end - - def validate_current_password(changeset, password) do - if valid_password?(changeset.data, password) do - changeset - else - add_error(changeset, :current_password, "is not valid") - end - end - - defp validate_username(changeset) do - changeset - |> validate_required([:username]) - |> validate_length(:username, min: 2, max: 12) - |> validate_format(:username, ~r/^[a-zA-Z0-9_\-]*$/, - message: "only letters, numbers, underscores, and hyphens allowed" - ) - |> unique_constraint(:username) - |> lowercase(:username) - end - - defp validate_password(changeset, opts) do - changeset - |> validate_required([:password]) - |> validate_length(:password, min: 8, max: 80) - |> maybe_hash_password(opts) - end - - defp maybe_hash_password(changeset, opts) do - hash_password? = Keyword.get(opts, :hash_password, true) - password = get_change(changeset, :password) - - if hash_password? && password && changeset.valid? do - changeset - |> put_change(:hashed_password, Bcrypt.hash_pwd_salt(password)) - |> delete_change(:password) - else - changeset - end - end - - defp lowercase(changeset, field) do - Map.update!(changeset, field, &String.downcase/1) - end -end diff --git a/lib/schema/repo.ex b/lib/schema/repo.ex deleted file mode 100644 index 27d81b9..0000000 --- a/lib/schema/repo.ex +++ /dev/null @@ -1,5 +0,0 @@ -defmodule Chessh.Repo do - use Ecto.Repo, - otp_app: :chessh, - adapter: Ecto.Adapters.Postgres -end diff --git a/mix.exs b/mix.exs index 01a7a6b..b73b943 100644 --- a/mix.exs +++ b/mix.exs @@ -14,6 +14,7 @@ defmodule Chessh.MixProject do # Run "mix help compile.app" to learn about applications. def application do [ + mod: {Chessh.Application, []}, extra_applications: [:esshd, :logger] ] end diff --git a/test/chessh_test.exs b/test/chessh_test.exs new file mode 100644 index 0000000..0fa7da8 --- /dev/null +++ b/test/chessh_test.exs @@ -0,0 +1,4 @@ +defmodule ChesshTest do + use ExUnit.Case + doctest Chessh +end diff --git a/test/server_test.exs b/test/server_test.exs deleted file mode 100644 index d710e5c..0000000 --- a/test/server_test.exs +++ /dev/null @@ -1,8 +0,0 @@ -defmodule ChesshTest do - use ExUnit.Case - doctest Chessh - - test "greets the world" do - assert Chessh.hello() == :world - end -end -- cgit v1.2.3-70-g09d2